Maker Pro

Taking the leap, breaking the Leap Pad

grap3_ap3

Joined
Sep 19, 2012
Messages
6
Hello!

This forum looks to be pretty great and I hope I can give as much as I've gotten in a short time of skimming the posts! I am pretty new to electronics in general and have taken on a fun little project just to see what is and is not possible with electronics.

I've taken apart my kid's old Leap Pad. This board holds an Atmel 228. I'm interested in learning JTAG but there are so few resources that aren't over my head so I'm hoping to find some help as I try to understand. I've attached some pictures of the board after dismantling. I'd like to get to the point where I can talk to the JTAG interface (presuming I'm correct in identifying that in this case marked "J4") and learn how to talk to it. Can I dump/read the firmware? Can I write and flash my own?

I've done some work with the Arduino and enjoy that, but I have just started reading about JTAG and it's been quite hard for my "software guy brain" to adapt to understanding the hardware world. Your input and guidance is appreciated.
 

Attachments

  • 2012-09-18_20-25-01_734.jpg
  • 2012-09-18_20-25-11_567.jpg
  • 2012-09-18_20-26-05_423.jpg

grap3_ap3

Joined
Sep 19, 2012
Messages
6
Just a bump..

All those views and not a reply to be had :(

I soldered some connections to the JTAG points of the board. Today I am working to figure out how to get them talking to my laptop.

I'm working on Fedora 16 Linux and have installed a couple of packages that I'm hoping will be helpful. What I don't know is how to map the pins of the chip to the JTAG points, though I'm seeing some tools that say they'll help with that.

If anyone has any resources that might be helpful, I would greatly appreciate the nudge. I'm coming from a world of software and it's been quite the challenge to wrap my brain around the physical aspect of this project. I appreciate the guidance and help along that way!
 

(*steve*)

¡sǝpodᴉʇuɐ ǝɥʇ ɹɐǝɥd
Moderator
Joined
Jan 21, 2010
Messages
25,510
Well, I've never needed to hack anything with a JTAG interface. Sorry I can't be of help.
 

grap3_ap3

Joined
Sep 19, 2012
Messages
6
That seems to be the status quo. There are so few resources that I have uncovered to accomplish this task so I'm detailing my adventure so I can provide some once I figure this out.

I've soldered wires to the JTAG connection and put them to a breadboard for ease of access, and I've measured the voltage and resistance through the 10 connections but I'm looking now for information on how to determine possible pin usage based off these findings.

I'll continue to document my adventure here in case anyone wants to play along at home. I appreciate any input or insight along the way as this electronics thing is a whole new animal for me.
 

BobK

Joined
Jan 5, 2010
Messages
7,682
You should also be aware that a programmable chip in a commercial product is likely to be protected so that you cannot read or write to it through the JTAG interface.

Bob
 

grap3_ap3

Joined
Sep 19, 2012
Messages
6
BobK,

I am aware that SHOULD be happening but from my experience in the software world, it rarely does. Thank you for the insight though!

But the goal here is not to worry about what I can't do, it's more to focus on understanding how to interact with the chip and understanding what can be done.
 

CocaCola

Joined
Apr 7, 2012
Messages
3,635
I am aware that SHOULD be happening but from my experience in the software world, it rarely does. Thank you for the insight though!

And my experience with JTAG (or any other inline programming access) says different... The fact is these companies don't want you messing with the circuit, imagine the publicity nightmare if a child's toy was easily being hacked to say inappropriate things, a complete image buster to the toy company... You might be able to get some partial reads or even blank and reflash the chip, but chances are REAL good that changing, altering or writing valid changes is slim to none without the proprietary software and knowledge of what is inside or a TON of trial/error/luck... It's simply easier to clone the functions and make a copycat circuit that you can manipulate freely...
 